File: articles/ddos-protection/inline-protection-glb.md
Lines changed: 6 additions & 6 deletions
@@ -17,7 +17,7 @@ This article describes how to implement inline Layer 7 (L7) DDoS protection for
17
17
18
18
Azure DDoS Protection provides robust, always-on defense at the network layer (L3/4), quickly detecting and mitigating attacks within 30-60 seconds. While it focuses on protecting against volumetric and protocol-based threats, application layer (L7) inspection can be added for even greater security.
19
19
20
-
Some workloads, such as gaming, web applications, financial services, and streaming services, demand ultra-low latency and continuous protection. For these scenarios, inline protection ensures that all traffic is proactively routed through the DDoS protection pipeline at all times. This approach not only delivers immediate mitigation but also enables deep inspection of packet payloads, helping to detect and block low-volume attacks that target vulnerabilities at the application layer (L7).
20
+
Some workloads, such as gaming, web applications, financial services, and streaming services, demand ultra-low latency, and continuous protection. For these scenarios, inline protection ensures that all traffic is proactively routed through the DDoS protection pipeline at all times. This approach not only delivers immediate mitigation but also enables deep inspection of packet payloads, helping to detect and block low-volume attacks that target vulnerabilities at the application layer (L7).
21
21
22
22
Partner NVAs deployed with Gateway Load Balancer and integrated with Azure DDoS Protection offer comprehensive inline L7 DDoS Protection for high-performance and high-availability scenarios. This combination provides L3-L7 protection against volumetric and low-volume DDoS attacks.
23
23
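Review bot: The comma added in "demand ultra-low latency, and continuous protection" (new line 20) is a regression: the verb has only two objects, so no comma belongs before "and". Restore the original wording, "demand ultra-low latency and continuous protection"; nothing else in the paragraph changed, so this hunk can be dropped entirely.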
@@ -34,17 +34,17 @@ Partner NVAs provide advanced capabilities, including deep packet inspection, an
34
34
35
35
## What is a Gateway Load Balancer?
36
36
37
-
Gateway Load Balancer is a SKU of Azure Load Balancer designed for high-performance and high-availability scenarios with third-party Network Virtual Appliances (NVAs).
37
+
Gateway Load Balancer is a SKU of Azure Load Balancer designed for high-performance and high-availability scenarios with third-party NVAs.
38
38
39
-
With Gateway Load Balancer, you can easily deploy, scale, and manage network virtual appliances (NVAs). You can connect a Gateway Load Balancer to your public endpoint with a single configuration step. This allows you to insert appliances into the network path for scenarios such as firewalls, advanced packet analytics, intrusion detection and prevention systems, or other custom needs. Gateway Load Balancer also maintains flow symmetry to a specific instance in the backend pool, ensuring session consistency.
39
+
With Gateway Load Balancer, you can easily deploy, scale, and manage NVAs. You can connect a Gateway Load Balancer to your public endpoint with a single configuration step. This capability lets you add NVAs to the network path for scenarios such as firewalls, advanced packet analytics, intrusion detection systems, intrusion prevention systems, or other custom solutions. Gateway Load Balancer also maintains flow symmetry to a specific instance in the backend pool, ensuring session consistency.
40
40
41
41
For more information, see [Gateway Load Balancer](../load-balancer/gateway-overview.md).
42
42
43
43
## Architecture
44
44
45
-
DDoS attacks on latency-sensitive workloads like gaming can cause outages lasting 2-10 seconds, disrupting availability. Gateway Load Balancer enables protection of such workloads by ensuring the relevant NVAs are injected into the ingress path of the internet traffic. After connecting to a Standard Public Load Balancer frontend or IP configuration on a virtual machine, no extra configuration is needed to route traffic to and from the application endpoint through the Gateway Load Balancer.
45
+
DDoS attacks on latency-sensitive workloads like gaming can cause outages lasting 2-10 seconds, disrupting availability. Gateway Load Balancer enables protection of such workloads by ensuring the relevant NVAs are injected into the ingress path of the internet traffic. After you connect the Gateway Load Balancer to a Standard Public Load Balancer frontend or to the IP configuration of a virtual machine, traffic to and from the application endpoint is automatically routed through the Gateway Load Balancer—no additional configuration is required.
46
46
47
-
Inbound traffic is always inspected by the NVAs, and clean traffic returns to the backend infrastructure (such as game servers).
47
+
Inbound traffic is inspected by the NVAs, and clean traffic returns to the backend infrastructure (such as game servers).
48
48
49
49
Traffic flows from the consumer virtual network to the provider virtual network and then returns to the consumer virtual network. The consumer and provider virtual networks can be in different subscriptions, tenants, or regions, enabling greater flexibility and ease of management.
50
50
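Review bot: Dropping "always" from "Inbound traffic is always inspected by the NVAs" (new line 47) weakens the statement of the inline guarantee and no longer matches the overview paragraph, which says all traffic is routed through the DDoS protection pipeline "at all times". Keep "always", or, if some inbound traffic can bypass the NVAs, state when that happens. Separately, the rewritten sentence on new line 45 joins "no additional configuration is required" with an em dash; a period and a new sentence would read more cleanly.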
@@ -69,7 +69,7 @@ To ensure effective DDoS protection using Gateway Load Balancer and partner NVAs
69
69
70
70
-**Scale NVAs appropriately to handle peak traffic volumes.**
71
71
72
-
Ensure that your network virtual appliances (NVAs) are sized and configured to accommodate the highest expected levels of traffic. Under-provisioned NVAs can become a bottleneck, reducing the effectiveness of DDoS mitigation and potentially impacting application performance. Use Azure monitoring tools to track traffic patterns and adjust scaling as needed. Learn more about [Azure Monitor](/azure/azure-monitor/fundamentals/overview) and [Network Watcher](/azure/network-watcher/network-watcher-monitoring-overview).
72
+
Ensure that your NVAs are sized and configured to accommodate the highest expected levels of traffic. Under-provisioned NVAs can become a bottleneck, reducing the effectiveness of DDoS mitigation and potentially impacting application performance. Use Azure monitoring tools to track traffic patterns and adjust scaling as needed. Learn more about [Azure Monitor](/azure/azure-monitor/fundamentals/overview) and [Network Watcher](/azure/network-watcher/network-watcher-monitoring-overview).
73
73
74
74
-**Deploy NVAs in a high-availability configuration to avoid single points of failure.**
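Review bot: With "network virtual appliances (NVAs)" shortened to "NVAs" on new line 72, and the same expansion removed on new line 37, none of the lines visible in this diff spell out the acronym any more. Confirm that the first use earlier in the article still expands it; if it does not, keep one expansion at the first mention.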